[TLS] Re: Ketan Talaulikar's No Objection on draft-ietf-tls-tls12-frozen-07: (with COMMENT)

Achim Kraus <achimkraus@gmx.net> Tue, 10 June 2025 12:38 UTC

To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Eric Rescorla <ekr@rtfm.com>
CC: "tls@ietf.org" <tls@ietf.org>

Hi Peter
Hi Eric,

Let me start by saying that my experience with "non web TLS" questions
here on the list isn't that good, but that's not only for a
year or half. I also don't want to blame anyone. Community
approaches usually require a lot of "volunteers", and that's
much easier if there is also a huge user base.

If we use shodan.io and search for:

protocols | hits
----------+------------
http      | 494,416,751
https     |  25,094,459
amqp      |     808,842
mqtt      |     451,617
coap      |     267,177

tls       |   3,909,386
dtls      |         207

we already get an impression of that.

If we then see that the approach of the TLS group to get more
quality (security) naturally takes more resources, then this
will change in the future even more towards the web-only domain.

I guess other use cases will simply "fork their security" and do
something like OSCORE or other approaches (e.g. AFAIK MQTT-SN
started to consider alternative approaches for DTLS at least 1.5
years ago). In my opinion, these alternatives will not provide the
same security, but they may be more viable when the user and
expert base isn't that huge.

 > we just need to sit back and wait a bit.

We will see.

br
Achim

On 10.06.25 at 11:29, Peter Gutmann wrote:
> Eric Rescorla <ekr@rtfm.com> writes:
> 
>> in order to feed your particular hobby horse.
> 
> Because someone has to keep pointing out that the TLS WG for some years now
> hasn't been representative of TLS use in general but mostly just TLS for the
> web.  This shouldn't be too hard to demonstrate, could folks on the list who
> work in embedded, SCADA, industrial control, device-based TLS (not really sure
> how to classify the set, that's a bit of a handwave) who have also posted to
> the list at least once in the last six months, a very low barrier, please
> identify themselves?  A head count shouldn't be hard to do, we just need to
> sit back and wait a bit.
> 
> Peter.